Debian 10228 Published by

The following updates has been released for Debian GNU/Linux:

Debian GNU/Linux 7 Extended LTS:
ELA-31-1 bind9 security update
ELA-32-1 php5 security update
ELA-33-1 libtirpc security update

Debian GNU/Linux 8 LTS:
DLA 1486-1: spice security update
DLA 1487-1: libtirpc security update
DLA 1488-1: mariadb-10.0 security update
DLA 1488-1: spice security update
DLA 1489-1: spice-gtk security update

Debian GNU/Linux 9:
DSA 4282-1: trafficserver security update
DSA 4283-1: ruby-json-jwt security update



ELA-31-1 bind9 security update

Package: bind9
Version: 1:9.8.4.dfsg.P1-6+nmu2+deb7u21
Related CVE: CVE-2018-5740
The “deny-answer-aliases” feature in BIND has a flaw which can cause named to exit with an assertion failure.

For Debian 7 Wheezy, these problems have been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u21.

We recommend that you upgrade your bind9 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

ELA-32-1 php5 security update

Package: php5
Version: 5.4.45-0+deb7u15
Related CVE: CVE-2018-14851 CVE-2018-14883
Two vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. One (CVE-2018-14851) results in a potential denial of service (out-of-bounds read and application crash) via a crafted JPEG file. The other (CVE-2018-14883) is an Integer Overflow that leads to a heap-based buffer over-read.

For Debian 7 Wheezy, these problems have been fixed in version 5.4.45-0+deb7u15.

We recommend that you upgrade your php5 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

ELA-33-1 libtirpc security update


Package: libtirpc
Version: 0.2.2-5+deb7u2
Related CVE: CVE-2018-14622
This version fixes a segmentation fault due to pointer becoming NULL.

For Debian 7 Wheezy, these problems have been fixed in version 0.2.2-5+deb7u2.

We recommend that you upgrade your libtirpc packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

DLA 1486-1: spice security update

Package : spice
Version : 0.12.5-1+deb8u6
CVE ID : CVE-2018-10873
Debian Bug : #906315


A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages lacked sufficient bounds
checks. A malicious client or server, after authentication, could send
specially crafted messages to its peer which would result in a crash or,
potentially, other impacts.

The issue has been fixed by upstream by bailing out with an error if the
pointer to the start of some message data is strictly greater than the
pointer to the end of the message data.

For Debian 8 "Jessie", this problem has been fixed in version
0.12.5-1+deb8u6.

We recommend that you upgrade your spice packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


--

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net




DLA 1487-1: libtirpc security update




Package : libtirpc
Version : 0.2.5-1+deb8u2
CVE ID : CVE-2018-14622


CVE-2018-14622
Fix for egmentation fault due to pointer becoming NULL.


For Debian 8 "Jessie", this problem has been fixed in version
0.2.5-1+deb8u2.

We recommend that you upgrade your libtirpc packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DLA 1488-1: mariadb-10.0 security update

Package : mariadb-10.0
Version : 10.0.36-0+deb8u1
CVE ID : CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066
Debian Bug : 904121

Several issues have been discovered in the MariaDB database server. The
vulnerabilities are addressed by upgrading MariaDB to the new upstream
version 10.0.36. Please see the MariaDB 10.0 Release Notes for further
details:

https://mariadb.com/kb/en/mariadb/mariadb-10036-release-notes/

CVE-2018-3058

Easily exploitable vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of MySQL Server accessible data.

CVE-2018-3063

Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS)
of MySQL Server.

CVE-2018-3064

Easily exploitable vulnerability allows low privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS)
of MySQL Server as well as unauthorized update, insert or delete access
to some of MySQL Server accessible data.

CVE-2018-3066

Difficult to exploit vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of MySQL Server accessible data
as well as unauthorized read access to a subset of MySQL Server
accessible data.


For Debian 8 "Jessie", these problems have been fixed in version
10.0.36-0+deb8u1.

We recommend that you upgrade your mariadb-10.0 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



DLA 1488-1: spice security update

Package : spice
Version : 0.12.5-1+deb8u6
CVE ID : CVE-2018-10873
Debian Bug : #906315


A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages lacked sufficient bounds
checks. A malicious client or server, after authentication, could send
specially crafted messages to its peer which would result in a crash or,
potentially, other impacts.

The issue has been fixed by upstream by bailing out with an error if the
pointer to the start of some message data is strictly greater than the
pointer to the end of the message data.

For Debian 8 "Jessie", this problem has been fixed in version
0.12.5-1+deb8u6.

We recommend that you upgrade your spice packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

DLA 1489-1: spice-gtk security update

Package : spice-gtk
Version : 0.25-1+deb8u1
CVE ID : CVE-2018-10873
Debian Bug : 906316

A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages lacked sufficient bounds
checks. A malicious client or server, after authentication, could send
specially crafted messages to its peer which would result in a crash or,
potentially, other impacts.

The issue has been fixed by upstream by bailing out with an error if the
pointer to the start of some message data is strictly greater than the
pointer to the end of the message data.

The above issue and fix have already been announced for the "spice"
Debian package (as DLA-1486-1 [1]). This announcement is about the
"spice-gtk" Debian package (which ships some copies of code from the
"spice" package, where the fix of this issue had to be applied).

[1] https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html

For Debian 8 "Jessie", this problem has been fixed in version
0.25-1+deb8u1.

We recommend that you upgrade your spice-gtk packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

DSA 4282-1: trafficserver security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4282-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 31, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : trafficserver
CVE ID : CVE-2018-1318 CVE-2018-8004 CVE-2018-8005 CVE-2018-8040

Several vulnerabilities were discovered in Apache Traffic Server, a
reverse and forward proxy server, which could result in denial of
service, cache poisoning or information disclosure.

For the stable distribution (stretch), these problems have been fixed in
version 7.0.0-6+deb9u2.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



DSA 4283-1: ruby-json-jwt security update




- -------------------------------------------------------------------------
Debian Security Advisory DSA-4283-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 31, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby-json-jwt
CVE ID : CVE-2018-1000539

It was discovered that ruby-json-jwt, a Ruby implementation of JSON web
tokens performed insufficient validation of GCM auth tags.

For the stable distribution (stretch), this problem has been fixed in
version 1.6.2-1+deb9u1.

We recommend that you upgrade your ruby-json-jwt packages.

For the detailed security status of ruby-json-jwt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-json-jwt

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/